首页>
外国专利>
Method and apparatus for detecting malicious shell codes using debugging events
Method and apparatus for detecting malicious shell codes using debugging events
展开▼
机译:利用调试事件检测恶意shell代码的方法及装置
展开▼
页面导航
摘要
著录项
相似文献
摘要
An apparatus for detecting malicious shell codes using a debugging event includes an alert setting unit configured to set a mother program to run a non-executable file to trigger the debugging event when a mother process created by the mother program tries to execute a code with no execution attribute; and an information storage unit configured to store information on an address range in which modules to be used by the mother process are loaded in a memory. Further, the apparatus includes a malicious code determination unit configured to determine whether the non-executable file is malicious using the information on the address range when there occurs the debugging event.
展开▼